Though consumers remain the largest offenders, and victims, of lapses in smartphone security, allowing employees to use personal phones for work email can put business systems at risk, as well.
“From my standpoint, when it comes to smartphone applications you should trust no one,” said Chris Furey, founder and CEO of Virtual Density in Danbury, a multi-vendor cloud computing aggregation, storage and security service. “Whatever apps you”™re downloading, whether they are from your bank or just a game to pass time, you need to do your homework.”
A recent study published by New York-based technology research company Ovum showed that only 52 percent of businesses enforce authentication on company-provided mobile smartphones. Fellow New York-based technology research company Goode Intelligence conducted a similar survey that found 70 percent of businesses allow employees to use their personal smartphones for company business, and 64 percent of the companies that allow users to store company information on their smartphones are not enforcing encryption of that data.
“Often it is not the application function of your phone that you are using that is dangerous,” said
Furey. “Often malware (malicious software) is designed to stay hidden and spy on the accounts you access them on your phone.”
Furey said the Apple iStore is the most reliable place to download a smartphone application because of the vetting process Apple puts developers through. Apple”™s major application competitor, the Android, currently offers no regulation in terms of developer or software intent.
“Amazon is actually building a market for Android applications that is much more like the iPhone store in terms of a vetting process,” said Furey. “That should level the playing field a bit.”
In a recent study Traverse, Mich.-based Ponemon Institute, which conducts independent research on privacy, data protection and information security policy, found that in 70 percent of smartphone users have never considered using a mobile antivirus application. According to the study, 66 percent of people have made at least one purchase on their phones, 38 percent have made payments on their phones and 14 percent do mobile banking. The study found 12 percent have been the target of attempted mobile payment fraud, though six percent do a monthly check of their cell phone bill.
“Most of us really forget that these aren”™t cellphones we”™re using; they are small personal computers that happen to be able to make phone calls,” said Furey.
David Jacquet, president of the InfoSec Group, a business group of veteran senior information security consultants in Westport, said when it comes to our computers we see making purchases and opening work files as two common vulnerabilities to corporate web security, but the same is not so for smartphones.
“Most of us have no issue with making purchases through our mobiles, and the majority of us use the same phone for business and personal use,” said Jacquet.
